Account API Tokens

What are Account API Tokens?

API tokens grant access to update data in all the projects of your account. Keep them private, like any other credentials, and guard them even more strictly, since a token controls all your accounts.
Only Account Administrators can see the API Token screen, which is reached through the Account Settings.
For more information on how to use API tokens via the API, go to the API General page.

What is the API Token name for?

API tokens have names so you can remember to whom or to what you gave access via each token.
API tokens whose names start with an underscore are reserved for a specific use or a specific integration. Don’t use them unless it’s for a specific reason (and following our instructions).

Best Practice

Since you can create as many API tokens as needed, and rename, disable and enable them, it is a best practice to give a different API token to each (code) purpose or business need. When your business needs change, or you need to disable one piece of functionality, it will be easier for you to disable just one API token at a time.

Security

Your API Tokens should be kept private, like any other credentials:

Never send your API token by email.

If you’re writing a script or program that accesses the API, do not pass the token in cleartext (use HTTPS exclusively).

Do not embed your token in your code if that code is visible to others. This is especially important with JavaScript, since JavaScript code is visible to anyone who has access to the page it’s running on.

Give each specific API usage its own API token with an explicit name.

If you suspect that your API token has been compromised, or you’re not sure what it is used for, delete or disable it.
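
The rules above, applied in a script (an added example, not code from this product): each purpose reads its own token from the environment instead of the source, and a request is only built for an HTTPS URL. The API_TOKEN_ variable names, the Bearer header format and the example.invalid host are assumptions; refusing underscore-prefixed names is a policy choice of this example.

```python
import os
import urllib.request
from urllib.parse import urlsplit

ENV_PREFIX = "API_TOKEN_"  # assumed naming scheme: one variable per purpose


def load_token(purpose, environ=os.environ):
    """Return the token provisioned for one named purpose."""
    if purpose.startswith("_"):
        # Underscore-prefixed token names are reserved for specific integrations.
        raise ValueError("underscore-prefixed token names are reserved")
    var = ENV_PREFIX + purpose.upper().replace("-", "_")
    token = environ.get(var, "").strip()
    if not token:
        raise LookupError(f"no token provisioned in {var}")
    return token


def build_request(url, purpose, environ=os.environ):
    """Build an authenticated request, refusing any URL that is not HTTPS."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "https" or not parts.hostname:
        raise ValueError("refusing to send an API token over a non-HTTPS URL")
    token = load_token(purpose, environ)
    # Assumed header format; use the one the API General page documents.
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def redact(token):
    """Form of a token that is safe to write to logs."""
    return "***" + token[-4:]


if __name__ == "__main__":
    # Constructed sample values; the host and token are placeholders.
    env = {"API_TOKEN_BILLING_SYNC": "constructed-token-1234"}
    req = build_request("https://api.example.invalid/v1/items", "billing-sync", env)
    print(req.full_url, redact(load_token("billing-sync", env)))
```

Because every purpose has its own variable and token, disabling one token in the Account Settings stops only the script that uses it.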